- Move p_cpulimit to struct proc from struct plimit and protect it with

  sched_lock.  This means that we no longer access p_limit in mi_switch()
  and the p_limit pointer can be protected by the proc lock.
- Remove PRS_ZOMBIE check from CPU limit test in mi_switch().  PRS_ZOMBIE
  processes don't call mi_switch(), and even if they did there is no longer
  the danger of p_limit being NULL (which is what the original zombie check
  was added for).
- When we bump the current processes soft CPU limit in ast(), just bump the
  private p_cpulimit instead of the shared rlimit.  This fixes an XXX for
  some value of fix.  There is still a (probably benign) bug in that this
  code doesn't check that the new soft limit exceeds the hard limit.

Inspired by:	bde (2)

6 files changed, 11 insertions, 17 deletions

diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c
index 3b97e60..e27958d 100644
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@@ -424,8 +424,8 @@ proc0_init(void *dummy __unused)
 	limit0.pl_rlimit[RLIMIT_RSS].rlim_max = i;
 	limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_max = i;
 	limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_cur = i / 3;
-	limit0.p_cpulimit = RLIM_INFINITY;
 	limit0.p_refcnt = 1;
+	p->p_cpulimit = RLIM_INFINITY;
 
 	/* Allocate a prototype map so we have something to fork. */
 	pmap_pinit0(vmspace_pmap(&vmspace0));
diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c
index 7eb9480..668a8a2 100644
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@ -565,10 +565,9 @@ dosetrlimit(td, which, limp)
 	switch (which) {
 
 	case RLIMIT_CPU:
-		if (limp->rlim_cur > RLIM_INFINITY / (rlim_t)1000000)
-			p->p_limit->p_cpulimit = RLIM_INFINITY;
-		else
-			p->p_limit->p_cpulimit = limp->rlim_cur;
+		mtx_lock_spin(&sched_lock);
+		p->p_cpulimit = limp->rlim_cur;
+		mtx_unlock_spin(&sched_lock);
 		break;
 	case RLIMIT_DATA:
 		if (limp->rlim_cur > maxdsiz)
diff --git a/sys/kern/kern_synch.c b/sys/kern/kern_synch.c
index b0f9d92..29c3838 100644
--- a/sys/kern/kern_synch.c
+++ b/sys/kern/kern_synch.c
@@ -786,15 +786,9 @@ mi_switch(void)
 	/*
 	 * Check if the process exceeds its cpu resource allocation.  If
 	 * over max, arrange to kill the process in ast().
-	 *
-	 * XXX The checking for p_limit being NULL here is totally bogus,
-	 * but hides something easy to trip over, as a result of us switching
-	 * after the limit has been freed/set-to-NULL.  A KASSERT() will be
-	 * appropriate once this is no longer a bug, to watch for regression.
 	 */
-	if (p->p_state != PRS_ZOMBIE && p->p_limit != NULL &&
-	    p->p_limit->p_cpulimit != RLIM_INFINITY &&
-	    p->p_runtime.sec > p->p_limit->p_cpulimit) {
+	if (p->p_cpulimit != RLIM_INFINITY &&
+	    p->p_runtime.sec > p->p_cpulimit) {
 		p->p_sflag |= PS_XCPU;
 		ke->ke_flags |= KEF_ASTPENDING;
 	}
diff --git a/sys/kern/subr_trap.c b/sys/kern/subr_trap.c
index 9eaeec2..c53edc3 100644
--- a/sys/kern/subr_trap.c
+++ b/sys/kern/subr_trap.c
@@ -241,9 +241,10 @@ ast(struct trapframe *framep)
 			killproc(p, "exceeded maximum CPU limit");
 		else {
 			psignal(p, SIGXCPU);
-			if (rlim->rlim_cur < rlim->rlim_max)
-				/* XXX: we should make a private copy. */
-				rlim->rlim_cur += 5;
+			mtx_lock_spin(&sched_lock);
+			if (p->p_cpulimit < rlim->rlim_max)
+				p->p_cpulimit += 5;
+			mtx_unlock_spin(&sched_lock);
 		}
 		PROC_UNLOCK(p);
 	}
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 33279db..2c5c437 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -573,6 +573,7 @@ struct proc {
 	struct pgrp	*p_pgrp;	/* (c + e) Pointer to process group. */
 	struct sysentvec *p_sysent;	/* (b) Syscall dispatch info. */
 	struct pargs	*p_args;	/* (c) Process arguments. */
+	rlim_t		p_cpulimit;	/* (j) Current CPU limit in seconds. */
 /* End area that is copied on creation. */
 #define	p_endcopy	p_xstat
 
diff --git a/sys/sys/resourcevar.h b/sys/sys/resourcevar.h
index 8459246..581c1e7 100644
--- a/sys/sys/resourcevar.h
+++ b/sys/sys/resourcevar.h
@@ -82,7 +82,6 @@ struct plimit {
 #define	PL_SHAREMOD	0x01		/* modifications are shared */
 	int	p_lflags;
 	int	p_refcnt;		/* number of references */
-	rlim_t	p_cpulimit;		/* current cpu limit in sec */
 };
 
 #ifdef _KERNEL